curl-library

Re: Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?

From: paranoid paranoia <paranoid.paranoia_at_gmail.com>
Date: Tue, 4 Dec 2007 01:06:05 +0100

On Nov 30, 2007 2:07 AM, Dan Fandrich <dan_at_coneharvesters.com> wrote:
> On Fri, Nov 30, 2007 at 01:25:25AM +0100, paranoid paranoia wrote:
> > This doesn't change the fact that most people who
> > set their cipher list to include only anonymous and/or
> > pre-shared key combinations will be mighty surprised
> > that curl insists on retrieving the peer's certificate,
> > since these variants don't require/use any... but, that's
> > their problem. If the "feature" is well-documented,
> > there's hardly anything to complain about.
>
> On the other hand, those people who accidentally set their cipher list to
> include anonymous ciphers (or who have them set for them through some
> nefarious means) will be mighty surprised to see that they've fallen victim
> to a MITM attack because the server certificate that they've insisted be
> verified by curl was not.

Oh, yes! And, protecting the clueless is a noble cause indeed...

Funnily enough, it's _very_ easy to accidentally enable anonymous DH.
And, openssl's *demo/test* apps let you connect without a warning:

$ openssl s_server -nocert -cipher "ADH"

$ openssl s_client -verify 2 -cipher "DH"

On the other hand, none of the above applies to pre-shared key TLS,
which also breaks with the forced checks. So, would the proposal to
skip checking when CURLOPT_SSL_VERIFYPEER is set to 0 be an
acceptable compromise?

--pp
Received on 2007-12-04
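The point made above, that an OpenSSL cipher string such as "DH" silently pulls in the anonymous ADH suites, can be checked without starting any server. The following is an added example, not code from the post or from the curl project: it uses Python's ssl module (which expands cipher strings with the OpenSSL it is linked against) to list what a given string actually selects, flag the suites that offer no peer authentication (OpenSSL marks them "Au=None"), and show the "!aNULL:!eNULL" exclusions that keep a cipher list from enabling them by accident. The function names and the strings passed in are this example's own choices; the output depends on the OpenSSL build Python is linked against.

```python
"""Audit an OpenSSL cipher string for anonymous (unauthenticated) suites.

Added example, not from the curl-library post or the curl project. OpenSSL's
cipher-string grammar defines "DH" as every suite that uses DH key agreement,
anonymous ADH suites included, so a client that asks for "DH" can end up on a
suite where the server never presents a certificate and verification never
runs. The helper names below (expand, anonymous_suites, harden) are this
example's own; they are not a curl or OpenSSL API.
"""
import ssl
from typing import Dict, List


def expand(cipher_string: str) -> List[Dict]:
    """Return the suites OpenSSL selects for cipher_string.

    SSLContext.get_ciphers() reports the raw expansion, not filtered by the
    security level, so it shows what the string *could* negotiate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def anonymous_suites(cipher_string: str) -> List[str]:
    """Names of the selected suites that provide no peer authentication.

    SSL_CIPHER_description() prints 'Au=None' for the aNULL suites (ADH-*,
    AECDH-*); the 'description' field of each dict carries that text.
    """
    return [
        c["name"]
        for c in expand(cipher_string)
        if "Au=None" in c["description"]
    ]


def harden(cipher_string: str) -> str:
    """Append the exclusions that drop unauthenticated (aNULL) and
    unencrypted (eNULL) suites, whatever the rest of the string enables."""
    return f"{cipher_string}:!aNULL:!eNULL"


if __name__ == "__main__":
    # "DH" and "ECDH" both look like harmless key-exchange selectors but
    # include their anonymous variants; the hardened form does not.
    for spec in ("DH", "ECDH", harden("DH")):
        anon = anonymous_suites(spec)
        print(f"{spec!r}: {len(expand(spec))} suites, "
              f"anonymous: {', '.join(anon) if anon else 'none'}")
```

Run it once against any cipher list before handing it to CURLOPT_SSL_CIPHER_LIST (or to s_client): if anonymous_suites() returns anything, certificate verification is not protecting that connection on those suites, whatever CURLOPT_SSL_VERIFYPEER says. The same audit applies to a list built from other low-level selectors such as kDH or kECDH, which overlap with aNULL in the same way.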